- Cyber Security Services
- Compliance Services
- IT Risk and Audit Services
- Contact Us
For a period of about 18 months, Ransomware dominated the news related to information security. Companies of all sizes and verticals were under attack by cybercriminals that were looking to make a quick buck, or a lot of bucks in some cases. Then, all of the sudden, Ransomware sort of went quiet and we didn’t hear about it as much. There are numerous possible reasons for ransomware going quiet for some time. One popular thought is that these cybercriminals were further developing their malware code to become more effective. The introduction of Ransomware-as-a-Service (RaaS) has further complicated ransomware as cybercriminals buy “older” versions of this malware, “improve” upon it, and then blast it out to everyone. Ransomware is like a game of cat and mouse; cybercriminals create a version that is effective for a short amount of time, the information security world catches on and figures out how to either decrypt the ransomware and unlock the files and our anti-malware systems/email gateways/anti-virus programs identify the malware and mitigate the chances of it getting through to our systems.
Earlier this year, various Ransomware examples began to pop up, especially around the “Locky” ransomware variant, as well as others. There were some changes to the underlying code but nothing substantial according to security researchers. Now there is another new variant of the Locky ransomware that was identified over the past couple of days, and one that we need to be aware of and pay attention to.
This new version of Locky is called IKARUS or Locky Diablo 6 by some security firms. The challenge with this specific Ransomware example is that it evades your machine learning (your spam filters.) The email appears to come from a vendor that you work with and contains an attachment that looks to be a scanned document from a Konica Minolta C224e, which happens to be a very popular business class scanner/printer. So here you have a double whammy: It looks to come from someone legit and it looks to be a scan from a very popular business scanner/printer. The problem is that it is not legit and is a nightmare if you open the attachment.
so what do you do to mitigate your risk of an infection? the good news is that all the same rules apply for this ransomware variant as they did to others: